JPH04213184A - Method and apparatus for controlling transac- tion using microcircuit card - Google Patents

Abstract

PURPOSE: To reduce the trouble of password code input by providing a the memory of a microcircuit card with a small-amount area managed with opening bits and eliminating the need to input a password code within a specific frequency for a small-amount transaction. CONSTITUTION: The memory M of the microcircuit card CP is provided with areas I and II. When the card CP is inserted into a card reader L and a transaction is requested, the card reader L makes a request to show a password code on condition that the amount of money is larger than a specific value S and records the transaction in the area I. Further, the opening bits of N free spaces of the area II are set to '1'. When the amount of money of the transaction is less than the specific value S, the transaction is recorded in the spaces of the area II whose opening bits are '1'. If there is the spaces, a request to show the password code is made and opening bits are newly set in the N spaces.

Description

[Detailed description of the invention]

0001

FIELD OF THE INVENTION This invention relates to the field of transaction systems using microcircuit cards. More particularly, it relates to a method of managing transactions and a corresponding device using such a microcircuit card.

0002

2. Description of the Related Art Microcircuit cards (microcircuit cards), typified by so-called IC cards, have conventionally been used in banking transaction systems. In this type of transaction, in order to use the microcircuit card in a card reader, the holder of the microcircuit card must present to this card reader a PIN code, which is his or her own code, and when the transaction concerns an amount. , this transaction is allowed to take place. In other applications, it may not be necessary to present this PIN. In particular, if these applications do not operate the microcircuit, or if their operation only involves reading the magnetic tracks of the microcircuit card, there is no need to present this PIN. However, now the required applications generally use microcircuits and, in particular,
When recording a transaction in a memory area designed for this purpose, the holder's pin code is presented to the system, regardless of the amount involved in the transaction.

Although such devices are completely secure, they clearly have the disadvantage of being cumbersome and tedious to use when the amounts involved in transactions are small. Presenting a PIN was designed for large amounts of money, and the security afforded to these large amounts is appreciated, but presenting a PIN to the system for purchases with small amounts is not supported. It is disproportionate to the risk.

[0004] Therefore, in the case of multi-purpose cards, particularly credit cards and telephone cards, which are expected to develop in the future, it would be appropriate to provide different processing methods for transactions with large amounts and transactions with small amounts.

[0005]

[Problems to be Solved by the Invention] It is an object of the present invention to eliminate the need for systematic presentation of a PIN by a holder for transactions that have been evaluated in advance to be of low importance; The object of the present invention is to provide a method for managing transactions using microcircuit cards and a corresponding device, which is carried out by sufficiently simple means and which allows sufficient security to be maintained.

[0006]

[Means for Solving the Problems] According to the present invention, there is provided a system that uses a microcircuit card and a card reader in combination, wherein a holder of the microcircuit card is recognized by the system by the holder's personal identification code. a method for managing transactions in a system comprising: configuring the memory space of the microcircuit card to record transactions in at least one area that can be accessed without presenting the pin code to the system for the transaction; However, upon presentation of the PIN code by the holder, in the above area,
A method is provided, characterized in that writing of opening bits into the memory space is enabled until the number of open spaces reaches a predetermined number N (where N is 2 or more).

Another object of the invention is to provide an apparatus configured for carrying out this method.

[0008] The invention and other features thereof will become apparent from the following description of an exemplary embodiment, with reference to the accompanying drawings.

[0009]

[Example] As described above, the method according to the present invention allows the holder to enjoy the "right" N times without having to present the PIN code by presenting the holder's PIN code once to the card reader. can. Here, N≧2. However, that “
Every time a person exercises a right, that right is consumed. For example, each time a personal identification code is presented, if the amount is less than $100, the transaction can be performed N (=5) times.

[0010] To this end, the microcircuit is configured such that the corresponding transaction record (for example, a transaction of less than $100) can be directed to a limited number of areas of memory space for recording data. configured. On the other hand, in the method according to the present invention, during the process of configuring the microcircuit card, an initial value of 0 is set in the head of each recording space, and after the microcircuit card is configured, the corresponding command is programmed into the microcircuit. A bit is provided that can be changed to a value indicating the opening of a recording space.

[0011] This command is enabled by presentation of the holder's pin code. The enabled command then opens previously unused recording spaces until the number of spaces opened is equal to N (eg, 5).

[0012] Therefore, at the first use of a new microcircuit card, the card reader asks for a pin code to be entered, and after the pin code has been entered and authenticated by the microcircuit, the microcircuit transfers the command. do. This transferred command initially grants access to a transaction memory area configured for transactions involving large amounts. This area will be referred to as area I in the following description. Additionally, this command inverts the header bits of the N recording spaces of the transaction memory area configured for transactions involving small amounts. This area will be referred to as Area I below.
Let it be I. The effect of this is that the rights corresponding to these N spaces can be obtained without having to use the PIN code again as a key.

[0013] If the next transaction is a large transaction, recording will be performed in the corresponding area and none of the N open spaces will be used. If the amount of the transaction is small, the recording will be performed in one of the N open storage spaces, and for the next small transaction, N-1 storage spaces will be available.

[0014] At the next use, the holder will not be asked for the pin code via the card reader unless the transaction amount is small and the open storage space is not fully used.

However, when the transaction amount is large, or when the transaction amount is small but the open space is all used, the PIN code is required again. In either of these cases, entering the pin code enables the opening of a recording space in the memory area allocated to small transactions and causes the opening of N new spaces. It is designed to be used in the latter case, ie when the open space is already fully used.

FIG. 1 illustrates a flowchart of a transaction management method according to the present invention, which will be described below.

In a first step 1, a microcircuit card is inserted into a card reader and a transaction is requested via the card reader's keyboard. After this first step 1, check whether the amount of the requested transaction T is equal to or greater than a predetermined threshold S (step 2); If it is equal to or greater than S, the card reader asks for a pin code (step 3). By testing the value of the PIN code (step 4), if the PIN code is correct, recording of the transaction in area I is permitted (step 5), and if the PIN code is incorrect, the transaction is rejected (to end).

The card reader has the option of not considering this transaction recorded in area I for the management of area II, and the operation is then terminated.

In a preferred embodiment corresponding to the flowchart of FIG. 1, when the holder's pin code is correctly presented, the card reader reads the opening bits of the first N empty spaces of region II. command (step 6). Then n of the N bits read
When the opening bits are 1, the next N-n bits are set to 1 by programmed logic operations in the microcircuit or by wired logic circuits.
(step 7). At this point, the operation ends.

During phase 2, when the sum of requested transactions is less than S, the card reader
(step 8) and then test its value (step 9). When that bit is 1, the transaction is immediately recorded in the corresponding space of area II (step 10).

Conversely, when this bit is still 0, the card reader requests the holder's PIN code in step 11 and verifies whether the entered PIN code is correct (step 12). If the PIN code is incorrect, the transaction will be rejected (to completion). When the PIN code is correct, the card reader, via the internal logic of the microcircuit card, commands the start of the operation of writing the value 1 to the opening bits of the N vacant recording spaces from the beginning of area II (step 13) , then command the recording of the transaction to the first open recording space in area II (
Step 10).

FIG. 2 is a schematic diagram of an apparatus configured to carry out the method described above. This device comprises a card reader L, which has a receptacle F for inserting the microcircuit card CP, a display E thereof, and a connection between the card reader L and the holder of the microcircuit card. A keyboard C is provided for interaction between users. The microcircuit card CP comprises a microcircuit P and possibly a magnetic track and/or a clear text display. The microcircuit P comprises a microprocessor NP which includes logic means for controlling the opening bit in the form of a pre-recorded and inaccessible program and an attachment of the non-erasable EPROM or EEPROM type. It has a memory space M. The attached memory space M includes transaction recording areas I and II, each having a predetermined recording space. Each recording space in recording area II has a
Opening bit provided. This opening bit is initially set to 0 and can be set to 1 by an internal command from the microcircuit.

FIGS. 3(a) and 3(b) show, respectively, the memory area II when there is no space accessible for writing before the holder's PIN code is presented, and the memory area II when the holder's PIN code is present. Following a request for a transaction whose amount is less than the threshold S after being submitted, the first recording space receives a recording of the corresponding transaction, and in an embodiment where N is 5, the four recording spaces have a PIN code. Memory area II when not presented and available for writing, but the subsequent recording space is inaccessible for writing
This is an illustration.

The advantage of the transaction management method according to the invention is that the security of transactions is no different from conventional systems for large transactions due to the systematic presentation of the holder's PIN code, but at the same time It is possible to carry out small transactions with a significantly reduced number of presentations, but without completely opening the corresponding area. This feature is intended to prevent fraud, especially in the case of loss or theft of the microcircuit card. The amount corresponding to the fraudulent act is at most N×S.

The present invention is not limited to the above embodiments. In particular, the memory of the microcircuit card can be divided into more parts to provide a larger number of areas. For example, the number of regions can be three by providing a second threshold value S'(<S). At this time, the microcircuit card presents a larger number of recording spaces in the third area, for example, N
'You can open your own space, but this will cost a small amount,
That is, this is the case for a transaction whose amount is smaller than S'. At this time, area II is held for transactions whose amounts are between S and S'.

Alternatively, the order of the steps in the flowchart of FIG. 1 is provided by way of example only. In the above, steps 6 and 7, which allow the number of spaces opened in area II to be up to N, are carried out after the presentation of the pin code for the large transaction recorded in area I, but are omitted. Alternatively, it may be performed after step 5 of recording in area I.

In another embodiment, the number N is a random number of 0 or 1, depending on the outcome of the lottery. This lottery is based on the fact that when a microcircuit card is introduced into a card reader,
For this purpose, it may be organized in the card reader or in the program of the microcircuit card by algorithms that are automatically entered by the card reader or by the microcircuit card. If the lottery result is 0, you will be asked to enter your password. When N is 1, no password is required. This method can, of course, be combined with the functionality of an authorized consumption threshold. That is, this random lottery is used only when the consumption amount is small. For large amounts, the card reader always needs to be given a pin code. Also, the lottery is not random and may be pseudo-random when the algorithm used in the lottery is more easily used within the limited memory of the microcircuit card.

[Brief explanation of the drawing]

FIG. 1 is a flowchart of an embodiment of a management method according to the invention.

FIG. 2 is a schematic diagram of a device for implementing the management method according to the invention;

FIGS. 3(a) and 3(b) illustrate the memory area used for transactions with amounts less than a threshold, before and after presentation of the holder's PIN code, respectively.

[Explanation of symbols]

L Card reader F　Inlet E Display C Keychain CP micro circuit card P Micro circuit M Memory space

Claims (8)

[Claims] 1. A transaction management method in a system using a combination of a microcircuit card and a card reader, wherein the holder of the microcircuit card is recognized by the system by the holder's personal identification code, comprising: configuring the memory space of said microcircuit card to record said transaction in at least one area that is accessible without presenting said pin code to said system for said transaction; said holder of said pin code; By presenting the
A method characterized in that opening bits are enabled to be written into the memory space until the number of open spaces in the area reaches a predetermined number N (where N is 2 or more). 2. The memory space of the microcircuit card is:
organized into at least two distinct regions, the first
The memory area of the device can be accessed by a first type of transaction by presenting a pin code for each transaction, and the second device area is
A second type of transaction according to the mode according to claim 1 may be accessed, wherein the transaction is read by the card reader depending on whether the amount it represents is greater or less than a predetermined threshold. 2. A method according to claim 1, characterized in that it is directed towards a first memory area or a second memory area of a circuit card. 3. Upon each request for display of a transaction and the amount it includes, the card reader requests the input of the pin code when there is no longer open recording space in the corresponding memory area; In this case, the input of the PIN code enables the writing of N opening bits into N unrecorded spaces from the beginning following the spaces already used in the corresponding memory area. The method according to claim 1 or 2, characterized in that: 4. Entry of a PIN code following a transaction request for an amount greater than the threshold value recorded in the first memory area is performed in the second memory space following an already used space. 4. A method according to claim 3, characterized in that it enables the reading of opening bits of empty spaces and the writing of unwritten spaces for the opening of up to N corresponding spaces. 5. The microcircuit card comprises inaccessible logic means for controlling the writing of opening bits into the recording space of the second memory area, and the memory is of an EPROM type. Transaction management device for implementing the method according to claim 1 or 2, characterized in that it is of the EEPROM type used and is recordable but not erasable. 6. The apparatus according to claim 5, wherein the logic means for controlling the writing of opening bits into the recording space is constituted by a prerecorded program in the microcircuit. 7. The apparatus according to claim 5, wherein the logic means for controlling writing of the opening bit into the recording space is constituted by a logic circuit. 8. A transaction management method in a system using a combination of a microcircuit card and a card reader, wherein the holder of the microcircuit card is recognized by the system by the holder's personal identification code, comprising: configuring the memory space of the microcircuit card to record the transaction in at least one area that can be accessed without presenting the pin code to the system for the transaction, and depending on the outcome of the lottery; A method characterized in that the holder is required to present the PIN code.